8a45306096c9495a2d0b04674a1901c7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8a45306096c9495a2d0b04674a1901c7_JaffaCakes118
Size

140KB
MD5

8a45306096c9495a2d0b04674a1901c7
SHA1

c5a0b67f9a72d3734b482070360c4cca11350bf6
SHA256

32cc654cc4073e9dcaf78cf6aa3a49215b24f51e351f121752e3f7dc118a5b36
SHA512

f2081bbf9ac174f35d4a680fc06456bbbd90ec3cbd57d7fb2ee1dafdd50a8d33bee739bc15a3db8a9ddbbc5deab13e993bbb84eba3a656d627435f2908178f94
SSDEEP

3072:Gcu6095NXxXNbV+bfXtNxUHEu2qq2/8FrYC3S4PW:09jXx9MDxX7/rYz4P

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8a45306096c9495a2d0b04674a1901c7_JaffaCakes118

Files

8a45306096c9495a2d0b04674a1901c7_JaffaCakes118
.exe windows:5 windows x64 arch:x64

a4bc3e0c43e825682204407c5b28cb39

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

g:\VC5\x64\release\av_install.pdb

Imports

ntdll

ZwCreateSection
ZwOpenFile
RtlDosPathNameToNtPathName_U
LdrFindEntryForAddress
RtlImageNtHeader
LdrAccessResource
LdrFindResource_U
ZwMapViewOfSection
ZwUnmapViewOfSection
RtlFreeUnicodeString
ZwCreateKey
ZwSetValueKey
ZwQueryValueKey
ZwDeleteValueKey
ZwFlushKey
ZwEnumerateKey
ZwDeleteKey
memcmp
ZwOpenTimer
ZwSetTimer
ZwDeleteFile
memcpy
RtlIpv4StringToAddressW
RtlIpv4AddressToStringA
memset
ZwWriteFile
strtoul
ZwCreateFile
ZwQueryInformationFile
ZwSetInformationFile
RtlIpv4AddressToStringExA
ZwQueryInformationProcess
RtlGetCurrentPeb
RtlPrefixUnicodeString
RtlNtStatusToDosError
LdrUnloadDll
LdrAddRefDll
sprintf
strlen
ZwRaiseHardError
wcsstr
RtlAdjustPrivilege
LdrLoadDll
RtlInitUnicodeString
wcscpy
ZwClose
ZwQueryKey
ZwImpersonateThread
ZwOpenThread
ZwOpenKey
RtlComputeCrc32
wcslen
swprintf
ZwSetContextThread
ZwProtectVirtualMemory
ZwWaitForSingleObject
ZwGetContextThread
RtlExitUserThread
RtlCreateUserThread
ZwDuplicateObject
ZwOpenProcess
RtlEqualUnicodeString
ZwQuerySystemInformation
ZwResumeThread
ZwQueueApcThread
ZwAllocateVirtualMemory
ZwSetInformationToken
ZwDuplicateToken
ZwAdjustPrivilegesToken
ZwOpenThreadTokenEx
ZwWriteVirtualMemory
ZwReadVirtualMemory
wcschr
__chkstk

kernel32

SetThreadLocale
CreateTimerQueueTimer
DeleteTimerQueueTimer
GetSystemTimeAsFileTime
GetLastError
BindIoCompletionCallback
WideCharToMultiByte
CopyFileW
CreateProcessW
ExitThread
GetCommandLineW
LoadLibraryW
VirtualProtect
LoadLibraryExW
ExitProcess
FreeLibraryAndExitThread
Sleep
GetSystemDefaultLangID
GetVersion
LocalFree
LocalAlloc
VirtualAlloc
VirtualFree
FormatMessageW
GetModuleHandleW

advapi32

MD5Update
MD5Final
CreateProcessAsUserW
RegisterServiceCtrlHandlerExW
SetServiceStatus
StartServiceCtrlDispatcherW
MD5Init

user32

GetWindowLongW
SetDlgItemTextW
SetWindowPos
LoadIconW
SetWindowLongW
GetWindowLongPtrW
SetWindowLongPtrW
DialogBoxParamW
PostMessageW
EndDialog
SendMessageW
GetClientRect
FindWindowW
GetDlgItem
MessageBoxW
GetSystemMetrics
CreateWindowExW
AdjustWindowRect
DefWindowProcW
PostQuitMessage
DestroyWindow
OpenDesktopW
SetThreadDesktop
DestroyIcon
UnregisterClassW
DispatchMessageW
TranslateMessage
GetActiveWindow
GetMessageW
RegisterClassW
LoadCursorW
SetWindowTextW

comctl32

ord17

rpcrt4

UuidCreateSequential

gdi32

GetStockObject
SetBkColor
SetTextColor

shell32

ShellExecuteExW

ole32

CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

SysAllocString
SysFreeString
VariantClear
LoadTypeLibEx

ws2_32

WSAStartup
WSASocketW
WSAGetLastError
closesocket
bind
WSAIoctl
WSARecv
WSASend
setsockopt
WSASendTo
WSARecvFrom
WSACleanup

cabinet

ord20
ord22
ord23

Sections

.text
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a4bc3e0c43e825682204407c5b28cb39

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

kernel32

advapi32

user32

comctl32

rpcrt4

gdi32

shell32

ole32

oleaut32

ws2_32

cabinet

Sections

.text Size: 112KB - Virtual size: 112KB

.rdata Size: 14KB - Virtual size: 13KB

.data Size: 1KB - Virtual size: 1KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 10KB - Virtual size: 9KB

.text
Size: 112KB - Virtual size: 112KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 1KB - Virtual size: 1KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 10KB - Virtual size: 9KB